The German IT Security Act 2.0 (IT-SiG 2.0) has been in force since May 2021. Due to this new law, significantly more German companies have been classified as operators of critical infrastructures (KRITIS) than ever. This is a major cause of headaches for many managers. In addition, IT departments are starting to ask themselves: "Are we now regarded as KRITIS"? And if so, "What do we have to take into consideration?"

Egnyte recently gave a sneak peek of exciting new features and capabilities that will be incorporated into the platform in the coming months. These upgrades underscore Egnyte's commitment to helping companies control data risk, reduce IT cost and complexity, and delight end users. The latest look at the roadmap was delivered in a series of webinars as part of the summer edition of State of Egnyte.

Have you been worried about whether your deployment is secure? Are you tired of keeping track of all security vulnerabilities and vendor-provided patches to ensure that your exposure to such vulnerabilities is minimized? What about making sure that the certificates for your hundreds of forwarders, indexers, search heads and other Splunk connectors are not expired? You’re not alone!

Enterprise risk management (ERM) is a disciplined, holistic way to identify, manage, and mitigate risk throughout your entire enterprise. IT risk management (ITRM) is one subset of that effort, focused on identifying and managing risks specific to IT functions. An industry-accepted ITRM framework can help you implement an ITRM program quickly and with minimal disruption.

The Federal Risk and Authorization Management Program (FedRAMP) is meant to assure the security of cloud services used by the U.S. government. It standardizes the security assessments, authorizations, and continuous monitoring of cloud service offerings (CSOs) used by federal government agencies.

Becoming ISO 9001 compliant can be difficult. It requires those who are seeking it to be open to change, and to be able to commit to their new Quality Management System (QMS) processes and controls. Additionally, having to continuously stay compliant with the QMS can add a lot of pressure. But… the payoff is worth it.

How and why do attackers target an organization’s Active Directory (AD)? This blog, which is part 8 of the series A Practical approach to Active Directory Domain Services, will provide you with the answers. In this part, we will examine what attackers gain by compromising the AD setup. We will also look at some of the most noted means by which AD is compromised. There are two main sections to this blog.

In June 2022, Cyberint observed a new hacktivist campaign targeting multiple Israeli organizations and enterprises coordinated via different social media platforms. The campaign is led by hacktivists originating in a group called GhostSec. GhostSec was first identified in 2015 and was initially founded to attack ISIS in the cyber realm as part of the fight against Islamic extremism.

This is the first part of a three-blog series on startup security. Software vulnerabilities are the bane of every security team. A newly discovered vulnerability can turn a crucial software product into a ticking timebomb waiting to be exploited. Security practitioners and IT teams tasked with protecting their organizations must identify and mitigate a constant stream of new vulnerabilities before their presence results in a breach.